Highlighted

Android - migrate your app to OpenSSL 1.02f

Explorer ,
Apr 20, 2016

Copy link to clipboard

Copied

I published my app using Adobe Air 21.0.0.198 / 22 .x.x.x but google still reports the vulnerability.

I used the command: unzip -p xxxx.apk | strings | grep "OpenSSL" and it results in:

N16OpenSSLCryptImpl12EVP_PKEY_OBJE

N8pkASUtil5PImplI23OpenSSLCryptoEngineImplEE

N16OpenSSLCryptImpl22OpenSSLDigestOperationE

N16OpenSSLCryptImpl22OpenSSLSymKeyOperationE

N16OpenSSLCryptImpl13OpenSSLSymKeyE

N16OpenSSLCryptImpl29OpenSSLRSAVerificationContextE

N16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoE

N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoEEE

N16OpenSSLCryptImpl16OpenSSLPublicKeyE

N16OpenSSLCryptImpl18PrivKeyDecodedInfoE

N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl18PrivKeyDecodedInfoEEE

N16OpenSSLCryptImpl17OpenSSLPrivateKeyE

23OpenSSLCryptoEngineImpl

19OpenSSLCryptoEngine

/Users/labuser/builds/001f5b3931bc/ssl+sage.corp.adobe.com+21920/drm/drm_5_3_rankin/client/components/ascrypt/source/OpenSSL/OpenSSL_CryptImpl.cpp

OpenSSL

could not load PEM client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)

could not load ASN1 client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)

could not parse PKCS12 file, check password, OpenSSL error %s

could not load PKCS12 client certificate, OpenSSL error %s

TLSv1 part of OpenSSL 1.0.2f  28 Jan 2016

OpenSSL 1.0.2f  28 Jan 2016

%s(%d): OpenSSL internal error, assertion failed: %s

SHA-256 part of OpenSSL 1.0.2f  28 Jan 2016

DlSHA-512 part of OpenSSL 1.0.2f  28 Jan 2016

Big Number part of OpenSSL 1.0.2f  28 Jan 2016

So the openssl version is right, I do not understand why.

Help.

TOPICS
Air beta

Views

785

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Android - migrate your app to OpenSSL 1.02f

Explorer ,
Apr 20, 2016

Copy link to clipboard

Copied

I published my app using Adobe Air 21.0.0.198 / 22 .x.x.x but google still reports the vulnerability.

I used the command: unzip -p xxxx.apk | strings | grep "OpenSSL" and it results in:

N16OpenSSLCryptImpl12EVP_PKEY_OBJE

N8pkASUtil5PImplI23OpenSSLCryptoEngineImplEE

N16OpenSSLCryptImpl22OpenSSLDigestOperationE

N16OpenSSLCryptImpl22OpenSSLSymKeyOperationE

N16OpenSSLCryptImpl13OpenSSLSymKeyE

N16OpenSSLCryptImpl29OpenSSLRSAVerificationContextE

N16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoE

N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoEEE

N16OpenSSLCryptImpl16OpenSSLPublicKeyE

N16OpenSSLCryptImpl18PrivKeyDecodedInfoE

N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl18PrivKeyDecodedInfoEEE

N16OpenSSLCryptImpl17OpenSSLPrivateKeyE

23OpenSSLCryptoEngineImpl

19OpenSSLCryptoEngine

/Users/labuser/builds/001f5b3931bc/ssl+sage.corp.adobe.com+21920/drm/drm_5_3_rankin/client/components/ascrypt/source/OpenSSL/OpenSSL_CryptImpl.cpp

OpenSSL

could not load PEM client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)

could not load ASN1 client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)

could not parse PKCS12 file, check password, OpenSSL error %s

could not load PKCS12 client certificate, OpenSSL error %s

TLSv1 part of OpenSSL 1.0.2f  28 Jan 2016

OpenSSL 1.0.2f  28 Jan 2016

%s(%d): OpenSSL internal error, assertion failed: %s

SHA-256 part of OpenSSL 1.0.2f  28 Jan 2016

DlSHA-512 part of OpenSSL 1.0.2f  28 Jan 2016

Big Number part of OpenSSL 1.0.2f  28 Jan 2016

So the openssl version is right, I do not understand why.

Help.

TOPICS
Air beta

Views

786

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Apr 20, 2016 0

Have something to add?

Join the conversation